Solaris ssh pam_krb
Nicolas Williams
Nicolas.Williams at sun.com
Fri Mar 31 18:24:04 EST 2006

On Fri, Mar 31, 2006 at 06:17:53PM -0500, Jeffrey Hutzelman wrote:
> On Friday, March 31, 2006 04:20:48 PM -0600 Nicolas Williams
> <Nicolas.Williams at sun.com> wrote:
> >What other kernel-land applications can you think of or imagine that
> >fundamentally need direct multi-application PAG support in the kernel
> >and can't upcall?
>
> - Encrypted (local) filesystems

Orthogonal to PAGs. The kernel needs to know keys for encrypting
objects/filesystems, but access controls are as normal (ACLs, mode bits).
We're planning on per-filesystem (think ZFS) keys, too, so there are no
per-"session" keys to worry about.

> - Kernel-mode ticket caches

Circular logic.

> - iscsi?

User credentials are not needed for iSCSI, typically, and iSCSI can
upcall like everybody else.

> Maybe PAG-based authorization for things like X server or ssh agent
> connections. In reality, I bet those can be handled in user mode, though
> an application like that would require some trusted entity for allocating
> IDs which are unique across the system.

Authorization by PAG requires making changes to lots of things in the
kernel (e.g., two procs w/ equal cred_t's but for different PAGs should
not be allowed to trace each other w/o special privilege).

Keep it simple.

Nico